Linux Kernel Btrfs Circular Lock Dependency Vulnerability

Vulnerability

A circular locking dependency in the Linux kernel's Btrfs file system has been fixed. The issue arose in 'btrfs_read_locked_inode()', which called 'btrfs_init_file_extent_tree()' while holding a read lock on a leaf from a subvolume tree. 'btrfs_init_file_extent_tree()' can perform a memory allocation that triggers reclaim, which creates a circular lock dependency. The kernel's lock dependency checker flagged this scenario as a potential deadlock.

Impact

Exploitation of this vulnerability can lead to a deadlock, where the 'kswapd' process, responsible for memory management, gets stuck waiting for locks held by other processes, effectively halting its operation and potentially causing memory management issues.

Reproduction

The vulnerability can be reproduced by performing a file operation that triggers the 'btrfs_read_locked_inode()' function while a read lock is held on a subvolume leaf. This can be done by initiating a file sync operation on a Btrfs directory, which causes the 'kswapd' process to evict inodes. Simultaneously, a lookup operation can be performed that requires reading from the same subvolume leaf, creating a conflict that leads to a deadlock.
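The circular dependency described above can be modelled with a toy lock-order checker. This is an added example in C, not kernel code and not taken from the fix; the lock class names and the "allocate before locking the leaf" ordering are assumptions for illustration, since this page does not describe how the fix was made.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
/* Lock classes in this model (illustrative names, not kernel identifiers). */
enum { LEAF, RECLAIM, NCLASS };
struct graph { bool edge[NCLASS][NCLASS]; };  /* edge[a][b]: b taken while a held */

/* Is `to` reachable from `from` along recorded dependency edges? */
static bool reachable(const struct graph *g, int from, int to, bool *seen)
{
    if (from == to) return true;
    seen[from] = true;
    for (int n = 0; n < NCLASS; n++)
        if (g->edge[from][n] && !seen[n] && reachable(g, n, to, seen))
            return true;
    return false;
}

/* Record one context's nested acquisitions. A new edge held -> new closes a
 * cycle if held is already reachable from new; return true if any edge does. */
static bool acquire_chain(struct graph *g, const int *order, int n)
{
    bool cycle = false;
    for (int i = 1; i < n; i++)
        for (int h = 0; h < i; h++) {
            bool seen[NCLASS] = { false };
            cycle |= reachable(g, order[i], order[h], seen);
            g->edge[order[h]][order[i]] = true;
        }
    return cycle;
}

/* Model both paths; alloc_under_leaf_lock selects the ordering described above. */
bool model_reports_cycle(bool alloc_under_leaf_lock)
{
    struct graph g;
    memset(&g, 0, sizeof g);
    const int kswapd[] = { RECLAIM, LEAF };  /* reclaim evicts inode, needs leaf */
    const int lookup[] = { LEAF, RECLAIM };  /* allocation under leaf read lock */
    bool cycle = acquire_chain(&g, kswapd, 2);
    /* Assumed alternative: allocate first, so the two are never nested (n = 1). */
    cycle |= acquire_chain(&g, lookup, alloc_under_leaf_lock ? 2 : 1);
    return cycle;
}

int main(void)
{
    printf("nested=%d hoisted=%d\n", model_reports_cycle(true), model_reports_cycle(false));
    return 0;
}
```

The checker reports a cycle as soon as both orderings have been observed, even if the two paths never actually ran at the same time.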

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for upgrading the Linux kernel can be found in the official Linux documentation.

Added: Jan 31, 2026, 12:31 PM
Updated: Jan 31, 2026, 12:31 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 3.9
remediation: 7.7
relevance: 2.5
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.